597 lines
25 KiB
Plaintext
597 lines
25 KiB
Plaintext
-------------------------------------------------------------------
|
||
Mon Jan 29 21:16:31 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 24.0.0:
|
||
* Added OpenSSL.SSL.Connection.get_selected_srtp_profile to
|
||
determine which SRTP profile was negotiated. #1279.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 27 08:52:41 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 23.3.0:
|
||
* Dropped support for Python 3.6.
|
||
* The minimum ``cryptography`` version is now 41.0.5.
|
||
* Removed ``OpenSSL.crypto.loads_pkcs7`` and
|
||
``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for
|
||
3 years.
|
||
* Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow
|
||
legacy insecure renegotiation between OpenSSL and unpatched
|
||
servers.
|
||
* Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to
|
||
have been deprecated at the same time as
|
||
``OpenSSL.crypto.load_pkcs12``).
|
||
* Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
|
||
* Deprecated ``OpenSSL.crypto.CRL``
|
||
* Deprecated ``OpenSSL.crypto.Revoked``
|
||
* Deprecated ``OpenSSL.crypto.load_crl`` and
|
||
``OpenSSL.crypto.dump_crl``
|
||
* Deprecated ``OpenSSL.crypto.sign`` and
|
||
``OpenSSL.crypto.verify``
|
||
* Deprecated ``OpenSSL.crypto.X509Extension``
|
||
* Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
|
||
* ``cryptography``'s ``x509.CertificateRevocationList``
|
||
arguments in addition
|
||
* to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
|
||
* Fixed ``test_set_default_verify_paths`` test so that it is
|
||
skipped if no network connection is available.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 19 20:25:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 23.2.0:
|
||
* Removed ``X509StoreFlags.NOTIFY_POLICY``.
|
||
* ``cryptography`` maximum version has been increased to
|
||
41.0.x.
|
||
* Invalid versions are now rejected in
|
||
``OpenSSL.crypto.X509Req.set_version``.
|
||
* Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 21 12:30:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- add sle15_python_module_pythons (jsc#PED-68)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 13 22:43:49 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Make calling of %{sle15modernpython} optional.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 28 15:40:13 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 23.1.1:
|
||
* Worked around an issue in OpenSSL 3.1.0 which caused
|
||
`X509Extension.get_short_name` to raise an exception when no
|
||
short name was known to OpenSSL.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 27 07:54:16 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 23.1.0:
|
||
* ``cryptography`` maximum version has been increased to
|
||
40.0.x.
|
||
* Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
|
||
``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
|
||
to support DTLS timeouts `#1180
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 2 18:47:06 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 23.0.0:
|
||
* Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for
|
||
users
|
||
to perform certificate verification on partial certificate chains.
|
||
* ``cryptography`` maximum version has been increased to 39.0.x.
|
||
- drop pyOpenSSL-pr1158-conditional-__all__.patch (upstream)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 21 14:20:05 UTC 2022 - Ben Greiner <code@bnavigator.de>
|
||
|
||
- Upstream post-release doc fix (gh#pyca/pyopenssl#1150)
|
||
* The minimum cryptography version is now 38.0.x (and we now pin
|
||
releases against cryptography major versions to prevent future
|
||
breakage)
|
||
- Add pyOpenSSL-pr1158-conditional-__all__.patch
|
||
gh#pyca/pyopenssl#1158
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 29 19:33:29 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 22.1.0:
|
||
* Remove support for SSLv2 and SSLv3.
|
||
* The minimum ``cryptography`` version is now 37.0.2.
|
||
* The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
|
||
changing its internal attributes.
|
||
* Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``
|
||
to override the context object's verification flags.
|
||
* Add ``OpenSSL.SSL.Connection.use_certificate`` and
|
||
``OpenSSL.SSL.Connection.use_privatekey``
|
||
to set a certificate per connection (and not just per context)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 1 08:25:21 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
|
||
|
||
- Shift BuildRequires on openssl, it's only required for tests.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 4 23:21:43 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 22.0.0:
|
||
- Drop support for Python 2.7.
|
||
- The minimum ``cryptography`` version is now 35.0.
|
||
- Expose wrappers for some `DTLS
|
||
<https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
|
||
primitives.
|
||
- drop check_inv_ALPN_lists.patch: upstream
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 9 05:55:51 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
|
||
|
||
- Inject multibuild to avoid a build loop.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 30 19:08:35 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists
|
||
before calling OpenSSL (gh#pyca/pyopenssl#1056).
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 26 20:27:12 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 21.0.0 (bsc#1200771, jsc#SLE-24519):
|
||
- The minimum ``cryptography`` version is now 3.3.
|
||
- Drop support for Python 3.5
|
||
- Raise an error when an invalid ALPN value is set.
|
||
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
|
||
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
|
||
upcoming release of ``cryptography`` without raising deprecation warnings.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 1 18:07:21 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 20.0.1:
|
||
- Fixed compatibility with OpenSSL 1.1.0.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 22 22:28:30 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Adjust metadata for skip-networked-test.patch and refer to the proper
|
||
upstream ticket gh#pyca/pyopenssl#68.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 11 13:21:19 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also
|
||
skip test_verify_with_time on %ix86.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 9 16:41:15 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
||
|
||
- Update to v20.0.0
|
||
- Backward-incompatible changes:
|
||
- The minimum cryptography version is now 3.2.
|
||
- Remove deprecated OpenSSL.tsafe module.
|
||
- Removed deprecated
|
||
OpenSSL.SSL.Context.set_npn_advertise_callback,
|
||
OpenSSL.SSL.Context.set_npn_select_callback, and
|
||
OpenSSL.SSL.Connection.get_next_proto_negotiated.
|
||
- Drop support for Python 3.4
|
||
- Drop support for OpenSSL 1.0.1 and 1.0.2
|
||
- Deprecations:
|
||
- Deprecated OpenSSL.crypto.loads_pkcs7 and
|
||
OpenSSL.crypto.loads_pkcs12.
|
||
- Changes:
|
||
- Added a new optional chain parameter to
|
||
OpenSSL.crypto.X509StoreContext() where additional untrusted
|
||
certificates can be specified to help chain building. #948
|
||
- Added OpenSSL.crypto.X509Store.load_locations to set trusted
|
||
certificate file bundles and/or directories for verification.
|
||
#943
|
||
- Added Context.set_keylog_callback to log key material. #910
|
||
- Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
|
||
the verified certificate chain of the peer. #894.
|
||
- Make verification callback optional in Context.set_verify. If
|
||
omitted, OpenSSL’s default verification is used. #933
|
||
- Fixed a bug that could truncate or cause a zero-length key
|
||
error due to a null byte in private key passphrase in
|
||
OpenSSL.crypto.load_privatekey and
|
||
OpenSSL.crypto.dump_privatekey. #947
|
||
- drop patch fix-compilation-2020.patch: no longer needed
|
||
- refreshed patch skip-networked-test.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 18 16:49:55 UTC 2020 - John Vandenberg <jayvdb@gmail.com>
|
||
|
||
- Update to v19.1
|
||
* Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
|
||
X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
|
||
Use the classes without the ``Type`` suffix instead.
|
||
* The minimum ``cryptography`` version is now 2.8
|
||
* Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
|
||
OpenSSL.SSL.Context.set_npn_select_callback, and
|
||
OpenSSL.SSL.Connection.get_next_proto_negotiated
|
||
ALPN should be used instead.
|
||
* Support bytearray in SSL.Connection.send() by using cffi's from_buffer
|
||
* The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
|
||
NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
|
||
to complete without an application protocol.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 22 12:02:59 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||
|
||
- Add fix-compilation-2020.patch to fix tests after 2020
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 7 15:53:31 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
|
||
|
||
- Remove no longer necessary pytest argument -k "not test_export_text"
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 2 16:29:39 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
|
||
|
||
- update to 19.0
|
||
- fixed build deps.
|
||
- drop patches: openssl-1.1.0i.patch
|
||
openssl-1.1.1.patch
|
||
opensuse_ca.patch
|
||
tls13-renegotiation.patch
|
||
* X509Store.add_cert no longer raises an error if you add a duplicate cert.
|
||
* pyOpenSSL now works with OpenSSL 1.1.1.
|
||
* pyOpenSSL now handles NUL bytes in X509Name.get_components()
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 1 18:06:10 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
|
||
|
||
- remove everything to build docs:
|
||
- local-intersphinx-inventories.patch
|
||
- fetch-intersphinx-inventories.sh
|
||
- python3.inv
|
||
- crypto.inv
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 25 19:56:35 UTC 2019 - Todd R <toddrme2178@gmail.com>
|
||
|
||
- Add fetch-intersphinx-inventories.sh to sources
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 2 18:56:14 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
|
||
|
||
- add local-intersphinx-inventories.patch for generating the docs
|
||
correctly
|
||
- add fetch-intersphinx-inventories.sh to fetch the inventories
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 30 13:41:43 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
|
||
|
||
- handle that renegotiation is forbidden in TLS 1.3
|
||
* add tls13-renegotiation.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 30 11:21:30 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to fix issues with openssl 1.1.1:
|
||
* openssl-1.1.1.patch
|
||
- Drop the downstream fix_test_suite.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 30 01:06:28 CET 2018 - mcepl@suse.com
|
||
|
||
- Add patch fix_test_suite.patch to allow test suite to pass with
|
||
OpenSSL 1.1.1.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 5 14:31:59 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
|
||
|
||
- OpenSSL changed X509_STORE_add_cert in 1.1.0i such that it no longer
|
||
raises an error if a duplicate cert is added (bsc#1110435)
|
||
* https://github.com/pyca/pyopenssl/pull/787
|
||
* add X509_STORE_add_cert.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 24 09:08:36 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add patch to work with openssl 1.1.0i+:
|
||
* openssl-1.1.0i.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 16 15:48:21 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Update to 18.0.0:
|
||
* Update for new openssl 1.1.1
|
||
- Remove not needed patches:
|
||
* bug-lp-1265482.diff
|
||
* rsa128-i586.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 14 14:41:50 UTC 2018 - hpj@urpla.net
|
||
|
||
- add missing python-cffi dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 27 19:20:19 UTC 2018 - aplanas@suse.com
|
||
|
||
- Use %__python3 macro to call Python 3 binary
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 2 11:36:18 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Update to 17.5.0:
|
||
* The minimum cryptography version is now 2.1.4.
|
||
* Fixed various memory leaks
|
||
* Various fuzz fixes
|
||
* See CHANGELOG.rst
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 23 05:26:31 UTC 2017 - tbechtold@suse.com
|
||
|
||
- update to 17.2.0:
|
||
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
|
||
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
|
||
cryptography ``manylinux1`` wheels on Python 3.x.
|
||
- Fixed a crash with (EC)DSA signatures in some cases.
|
||
- Removed the deprecated ``OpenSSL.rand.egd()`` function.
|
||
Applications should prefer ``os.urandom()`` for random number generation.
|
||
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
|
||
Callers must now always pass an explicit ``digest``.
|
||
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
|
||
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
|
||
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
|
||
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
|
||
will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
|
||
- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
|
||
``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
|
||
``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
|
||
``NetscapeSPKIType``.
|
||
The names without the "Type"-suffix should be used instead.
|
||
- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
|
||
for converting X.509 certificate to and from pyca/cryptography objects.
|
||
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
|
||
``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
|
||
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
|
||
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions
|
||
(including linked OpenSSL) and other useful runtime information using
|
||
``python -m OpenSSL.debug``.
|
||
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
|
||
the upcoming release of ``cryptography`` ``manylinux1`` wheels.
|
||
- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
|
||
- Drop python-pyOpenSSL-always-overflow.patch. Applied upstream.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 10 11:38:17 CEST 2017 - ro@suse.de
|
||
|
||
- add patch to always trigger overflow in the testsuite
|
||
(gh#pyca/pyopenssl#657) b3460c6a9a45a016d1ab65c149c606fa3f07096d
|
||
|
||
python-pyOpenSSL-always-overflow.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 13 07:05:41 UTC 2017 - dimstar@opensuse.org
|
||
|
||
- Add python-pyOpenSSL=replace-expired-cert.patch: the root cert
|
||
expired, mking the test suite fail. Replace the certificate with
|
||
a new one, valid for 20 years (gh#pyca/pyopenssl#637).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 5 21:32:55 UTC 2017 - toddrme2178@gmail.com
|
||
|
||
- Fix Provides/Obsoletes.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 26 14:20:27 UTC 2017 - toddrme2178@gmail.com
|
||
|
||
- Implement single-spec version
|
||
- Fix source URL
|
||
- Update to 17.0.0
|
||
* Added ``OpenSSL.X509Store.set_time()`` to set a custom
|
||
verification time when verifying certificate chains.
|
||
* Added a collection of functions for working with OCSP stapling.
|
||
None of these functions make it possible to validate OCSP
|
||
assertions, only to staple them into the handshake and to
|
||
retrieve the stapled assertion if provided.
|
||
Users will need to write their own code to handle OCSP
|
||
assertions.
|
||
We specifically added: ``Context.set_ocsp_server_callback``,
|
||
``Context.set_ocsp_client_callback``, and
|
||
``Connection.request_ocsp``.
|
||
* Changed the ``SSL`` module's memory allocation policy to
|
||
avoid zeroing memory it allocates when unnecessary.
|
||
This reduces CPU usage and memory allocation time by an amount
|
||
proportional to the size of the allocation.
|
||
For applications that process a lot of TLS data or that use
|
||
very lage allocations this can provide considerable performance
|
||
improvements.
|
||
* Automatically set ``SSL_CTX_set_ecdh_auto()`` on
|
||
``OpenSSL.SSL.Context``.
|
||
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
|
||
- Rebase bug-lp-1265482.diff
|
||
- Rebase rsa128-i586.patch
|
||
- Rebase skip-networked-test.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 16 07:46:25 UTC 2016 - dmueller@suse.com
|
||
|
||
- fix source url
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 15 09:39:09 UTC 2016 - mlin@suse.com
|
||
|
||
- Change source url to pypi.io
|
||
* version 16.2.0 source tarball failed to download from pypi.python.org
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 14 08:46:18 UTC 2016 - mlin@suse.com
|
||
|
||
- Update to 16.2.0
|
||
* Deprecations
|
||
** Dropped support for OpenSSL 0.9.8.
|
||
* Changes
|
||
** Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496
|
||
** Enable use of CRL (and more) in verify context. #483
|
||
** OpenSSL.crypto.PKey can now be constructed from cryptography objects and also
|
||
exported as such. #439
|
||
** Support newer versions of cryptography which use opaque structs for OpenSSL
|
||
1.1.0 compatibility.
|
||
** Fixed compatibility errors with OpenSSL 1.1.0.
|
||
** Fixed an issue that caused failures with subinterpreters and embedded Pythons.
|
||
#552
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 16 15:29:16 UTC 2016 - jmatejek@suse.com
|
||
|
||
- added %check section with testsuite
|
||
- skip-networked-test.patch - mark a test as networked so that we can
|
||
specify non-network test run
|
||
- rsa128-i586.patch - sidestep a crasher bug on 32bit platforms
|
||
by generating reasonably-sized RSA keys instead of small 128bit ones
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 9 09:54:12 UTC 2016 - hpj@urpla.net
|
||
|
||
- update to 16.0.0
|
||
Backward-incompatible changes:
|
||
* Python 3.2 support has been dropped. It never had significant real world
|
||
usage and has been dropped by our main dependency cryptography. Affected
|
||
users should upgrade to Python 3.3 or later.
|
||
Deprecations:
|
||
* The support for EGD has been removed. The only affected function
|
||
OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
|
||
Please see pyca/cryptography#1636 for more background information on this
|
||
decision. In accordance with our backward compatibility policy
|
||
OpenSSL.rand.egd() will be removed no sooner than a year from the release of
|
||
16.0.0.
|
||
* Please note that you should use urandom for all your secure random number
|
||
needs.
|
||
* Python 2.6 support has been deprecated. Our main dependency cryptography
|
||
deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually
|
||
dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.
|
||
Changes:
|
||
* Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate,
|
||
OpenSSL.SSL.Connection.renegotiate_pending, and
|
||
OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since
|
||
0.14. #422
|
||
* Fixed segmentation fault when using keys larger than 4096-bit to sign data.
|
||
#428
|
||
* Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called
|
||
before setting any app data. #304
|
||
* Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects
|
||
that represent public keys, and OpenSSL.crypto.load_publickey() to load such
|
||
objects from serialized representations. #382
|
||
* Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to
|
||
a string buffer. #368
|
||
* Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding
|
||
state_string_long. #358
|
||
* Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv()
|
||
and OpenSSL.SSL.Connection.recv_into(). #294
|
||
* Added OpenSSL.SSL.Connection.get_protocol_version() and
|
||
OpenSSL.SSL.Connection.get_protocol_version_name(). #244
|
||
* Switched to utf8string mask by default. OpenSSL formerly defaulted to a
|
||
T61String if there were UTF-8 characters present. This was changed to
|
||
default to UTF8String in the config around 2005, but the actual code didn’t
|
||
change it until late last year. This will default us to the setting that
|
||
actually works. To revert this you can call
|
||
OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234
|
||
|
||
- fixed paths in bug-lp-1265482.diff
|
||
- fixed doc generation
|
||
- spec clean up
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 14 13:07:00 UTC 2015 - toddrme2178@gmail.com
|
||
|
||
- Fix building on SLES 11
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 22 09:50:09 UTC 2015 - mcihar@suse.cz
|
||
|
||
- Do not hardcode version in file list
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 22 09:42:53 UTC 2015 - mcihar@suse.cz
|
||
|
||
- udapte to 0.15.1
|
||
* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
|
||
present in 0.15, where when an error occurs and no errno() is set,
|
||
a KeyError is raised. This happens, for example, if
|
||
Connection.shutdown() is called when the underlying transport has
|
||
gone away.
|
||
* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
|
||
filenames only as bytes now accept them as either bytes or
|
||
unicode (and respect sys.getfilesystemencoding()).
|
||
* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
|
||
(NPN) bindings.
|
||
* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
|
||
builtin ``socket.recv_into``. Based on work from Cory Benfield.
|
||
* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
|
||
* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
|
||
* OpenSSL/test/test_crypto.py: Add intermediate certificates for
|
||
* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
|
||
underlying socket.
|
||
* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
|
||
causing it to always succeed - even if it should fail.
|
||
* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
|
||
with ``FILETYPE_ASN1`` would fail with a ``NameError``.
|
||
* OpenSSL/SSL.py: Fix a regression in which the first argument of
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 24 12:58:58 UTC 2014 - mvyskocil@suse.com
|
||
|
||
- update to 0.14
|
||
* Support for TLSv1.1 and TLSv1.2
|
||
* First-class support for PyPy
|
||
* New flags, such as MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION
|
||
* Some APIs to access to the SSL session cache
|
||
* A variety of bug fixes for error handling cases
|
||
* Documentation has been converted from LaTeX
|
||
+ python-pyOpenSSL-doc is now build from single spec file
|
||
* pyOpenSSL now depends on cryptography, so it became pure-python
|
||
module
|
||
+ changed to noarch package, add proper dependencies
|
||
* Development moved to github
|
||
+ changed Url tag respectivelly
|
||
- refreshed bug-lp-1265482.diff
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 2 11:17:23 UTC 2014 - dmueller@suse.com
|
||
|
||
-Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 13 14:02:43 UTC 2013 - jmatejek@suse.com
|
||
|
||
- update to 0.13.1
|
||
* fixes NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 5 07:54:12 UTC 2013 - speilicke@suse.com
|
||
|
||
- Package LICENSE
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 9 18:34:08 PDT 2012 - msuman@opensuse.org
|
||
|
||
- Update to version 0.13
|
||
* Add OPENSSL_VERSION_NUMBER, SSLeay_version and related
|
||
constants for retrieving version information about the
|
||
underlying OpenSSL library.
|
||
* Support OpenSSL 1.0.0a and related changes.
|
||
* Remove SSLv2 support if the underlying OpenSSL library does
|
||
not provide it.
|
||
* Add a new method to the X509 type, get_signature_algorithm.
|
||
* Add a new method to the Connection type, get_peer_cert_chain.
|
||
* Add the PKey.check method to verify the internal consistency
|
||
of a PKey instance.
|
||
* Bug fixes.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 1 08:48:23 UTC 2011 - saschpe@suse.de
|
||
|
||
- Changed license to Apache-2.0, to fix bnc#715423
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 31 14:21:58 UTC 2011 - saschpe@suse.de
|
||
|
||
- Initial version, obsoletes 'python-openssl':
|
||
* Builds properly on all SUSE version
|
||
* Has real HTML documentation
|
||
|